Part of series: Linux
1. Authentication with SSH Keys
The most secure and convenient way to connect is using asymmetric keys instead of passwords.
1.1 Generate a key pair
On your local computer (not on the server), generate a key pair:
ssh-keygen -t ed25519 -C "your@email.com"
Press Enter to accept the default path and, optionally, set a passphrase for the key for extra security.
1.2 Copy the key to the server
Use the ssh-copy-id command to send your public key to the server:
ssh-copy-id user@192.168.1.100
After entering your password one last time, you will be able to log in without it:
ssh user@192.168.1.100
2. Configuration File (~/.ssh/config)
If you manage multiple servers, memorizing IPs and users is a pain. Create a ~/.ssh/config file on your local computer:
nano ~/.ssh/config
Add your servers:
Host home-server
    HostName 192.168.1.100
    User alex
    IdentityFile ~/.ssh/id_ed25519

Host vps
    HostName 203.0.113.10
    User admin
    Port 2222
Now you can connect simply by typing:
ssh home-server
3. Hardening: Disable password authentication
Once the keys are working, disable password access to prevent brute-force attacks.
On the server, edit the SSH configuration:
sudo nano /etc/ssh/sshd_config
Find and modify these lines:
PasswordAuthentication no
PermitRootLogin no
ChallengeResponseAuthentication no
Restart the SSH service to apply changes (the unit is named ssh on Debian and Ubuntu, sshd on most other distributions):
sudo systemctl restart ssh
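To confirm that the settings above are the ones sshd actually applies, the check below is an added example (not part of the original page) that reads `sshd -T`-style output, which prints the effective configuration. sshd keeps the first value it reads for each keyword, so an earlier line or an included file can leave password logins enabled despite your edit. The function name and the sample inputs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): audit the effective sshd
# settings. Input is `sshd -T`-style output on stdin: "keyword value" lines.

# Constructed sample inputs, not taken from a real server.
SAMPLE_HARDENED='port 22
passwordauthentication no
permitrootlogin no
kbdinteractiveauthentication no'

# Constructed: an earlier or included config line re-enabled passwords.
SAMPLE_OVERRIDDEN='port 22
passwordauthentication yes
permitrootlogin no
kbdinteractiveauthentication no'

# Returns 0 only if all three settings from section 3 are in effect.
check_sshd_hardening() {
  awk '
    BEGIN {
      bad = 0; kbd_seen = 0
      want["passwordauthentication"] = "no"
      want["permitrootlogin"] = "no"
      # ChallengeResponseAuthentication is the older name for
      # KbdInteractiveAuthentication; accept whichever sshd reports.
      kbd["kbdinteractiveauthentication"] = 1
      kbd["challengeresponseauthentication"] = 1
    }
    { key = tolower($1); val = tolower($2) }
    (key in want) {
      seen[key] = 1
      if (val != want[key]) { printf "FAIL %s is %s\n", key, val; bad = 1 }
    }
    (key in kbd) {
      kbd_seen = 1
      if (val != "no") { printf "FAIL %s is %s\n", key, val; bad = 1 }
    }
    END {
      for (k in want) if (!(k in seen)) { printf "FAIL %s not reported\n", k; bad = 1 }
      if (!kbd_seen) { print "FAIL keyboard-interactive setting not reported"; bad = 1 }
      if (!bad) print "OK password and root logins are disabled"
      exit bad
    }
  '
}

# Demo on the constructed samples; on a server: sudo sshd -T | check_sshd_hardening
printf '%s\n' "$SAMPLE_HARDENED" | check_sshd_hardening
printf '%s\n' "$SAMPLE_OVERRIDDEN" | check_sshd_hardening || true
```

On the server, run sudo sshd -T | check_sshd_hardening after the restart, and keep your current session open until a fresh key-based login succeeds.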
Now your server is much more secure and accessible!